package pers.archives.loginToken.config;

import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;
import pers.archives.common.constant.SecurityConstant;

/* 核心模块的授权配置提供器，安全模块涉及的url的授权配置在这里。
 *@program:archives-parent
 *@author: 赵浩浩
 *@Time: 2020/9/26  9:53
 */
@Component
@Order(Integer.MIN_VALUE)
public class ArchivesAuthorizeConfigProvider implements AuthorizeConfigProvider {

    /**
     * 配置不需要进行验证的url路径
     * @param config
     * @return
     */
    @Override
    public boolean config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        config.antMatchers(
                SecurityConstant.DEFAULT_AUTHENTICATION_URL,
                SecurityConstant.DEFAULT_SIGN_IN_PROCESSING_URL_FORM,
                SecurityConstant.DEFAULT_LOGOUT_URL
        ).permitAll();
        return false;
    }
}
